Stuck at logic

Sandra Murphy

darkcyber
9 years ago

1

Already read about XPath injection, read many threads.

I think the original query is simple, like IF username AND password TRUE then login, but the mission is to log in with realname 'Sandra Murphy'. Okay, we just have the realname only, without username and password, so probably we can inject the username section with a TRUE condition and mix it with the realname criteria. Let's assume the users table has id, username, password, and realname.

I have tried

username : x' or '1'='1' or realname/text()='Sandra Murphy
password : x' or '1'='1

but still no luck within 60 attempts LoL (with many injection variations)

What's wrong with my logic? Hope anyone can help me.

dloser
9 years ago

0

Don’t think of it as an if-then, but, just as with SQL, as selecting which users match. Also, try to think of what the query could look like (you can even find an example in the forum) and see what happens when you put in your inputs.

nakee
9 years ago

0

You are very close though

darkcyber
9 years ago

0

@nakee then where is my mistake bro? :D

tl0tr
9 years ago

0

Somewhere in the username that you have mentioned above. Good Luck.

darkcyber
9 years ago

0

Thanks @nakee

Just read the very old thread on the last page, and I solved it in one shot :p.
Actually I am really close LoL. For you who are stuck at this level, to make your task simple, leave the password blank and fill the username with my injection above. Yeah, my injection logic is correct: login as X or return True or realname 'Sandra Murphy'. But so sad, the injection above is in bad order, so just correct the order and you will solve it in one shot. In other words, just return TRUE with Sandra Murphy. Bad order bad order bad order.

@tl0tr
Hahaha… yeah I solved it bro.

Let me know if my hint is too close to be true.

Thanks all, just finished Main, Basic, and Intermediate.
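
Added example, not part of the thread: dloser's suggestion to write out what the query could look like and see what the inputs do to it, applied from the defender's side. The query template and function names are assumptions (the challenge's real query is not shown in the thread); the two inputs are the ones posted in the first message.

```python
import re

# Constructed query shape for illustration only.
TEMPLATE = "//user[username/text()={u} and password/text()={p}]"

# Inputs as posted in the first message of the thread.
POSTED_USERNAME = "x' or '1'='1' or realname/text()='Sandra Murphy"
POSTED_PASSWORD = "x' or '1'='1"

def build_unsafe(username, password):
    # Vulnerable: raw input sits between quotes that the input itself can close.
    return TEMPLATE.format(u=f"'{username}'", p=f"'{password}'")

def xpath_literal(value):
    # XPath 1.0 has no escape character inside string literals, so use the
    # delimiter the value lacks, or rebuild it with concat() when it has both.
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    return "concat(" + ", \"'\", ".join(f"'{p}'" for p in value.split("'")) + ")"

def build_safe(username, password):
    # Hardened: each input becomes exactly one string literal.
    return TEMPLATE.format(u=xpath_literal(username), p=xpath_literal(password))

LITERAL = re.compile(r"'[^']*'|\"[^\"]*\"")

def operators_outside_literals(query):
    # Remove every string literal, then list the boolean operators that are
    # part of the expression itself rather than part of a value.
    return re.findall(r"\b(?:and|or)\b", LITERAL.sub("", query))

if __name__ == "__main__":
    for build in (build_unsafe, build_safe):
        q = build(POSTED_USERNAME, POSTED_PASSWORD)
        print(build.__name__, q, operators_outside_literals(q), sep="\n  ")
```

Where the XPath library offers bound variables (`$name`), binding the input that way avoids building literals at all.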
